EP2106643A1 - Verfahren und system zur inhaltsverwaltung in einem sicheren kommunikationssystem - Google Patents

Verfahren und system zur inhaltsverwaltung in einem sicheren kommunikationssystem

Info

Publication number
EP2106643A1
EP2106643A1 EP07845522A EP07845522A EP2106643A1 EP 2106643 A1 EP2106643 A1 EP 2106643A1 EP 07845522 A EP07845522 A EP 07845522A EP 07845522 A EP07845522 A EP 07845522A EP 2106643 A1 EP2106643 A1 EP 2106643A1
Authority
EP
European Patent Office
Prior art keywords
message
key
server
keys
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07845522A
Other languages
English (en)
French (fr)
Other versions
EP2106643A4 (de
Inventor
Christian Peel
Cuneyt Karul
Luke Corrigall
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Echoworx Corp
Original Assignee
Echoworx Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Echoworx Corp filed Critical Echoworx Corp
Publication of EP2106643A1 publication Critical patent/EP2106643A1/de
Publication of EP2106643A4 publication Critical patent/EP2106643A4/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Definitions

  • TITLE METHOD AND SYSTEM FOR CONTENT MANAGEMENT IN
  • the present invention relates to electronic communication systems and more particularly, to a method and system for managing content for secure communications.
  • the present invention provides a method and system for managing content in a secure communication network or system.
  • the present invention provides a server for managing encrypted messages in a system having a key management server and a server for sending and receiving encrypted messages and a message content manager for processing messages
  • the server comprises: an interface for receiving an encrypted message from the message content manager; a key module for storing a plurality of keys from the key management server, the keys are associated with users on the message server; a decryption module for decrypting the encrypted message into a decrypted message, the decryption module utilizes one of the keys for the user associated with the encrypted message; and an interface for transmitting the decrypted message to the message content manager for further processing.
  • the present invention provides an apparatus for managing secure messages in a communication system, the apparatus comprises: means for capturing one or more of the secure email messages in the communication system; means for associating a key with the secure messages; means for converting said captured secure message into a readable form using the key; means for processing the converted secure message.
  • the present invention provides a method for processing encrypted messages for policy enforcement in a communication system, the method comprises the steps of: capturing an encrypted message in the communication system; recovering and associating a key with the captured encrypted message; using the key to convert the captured encrypted message into a message with readable content; managing the message based on the readable content.
  • the present invention provides a system for processing encrypted messages in a communication system having a message server for sending and receiving encrypted messages and a message processor, the system comprises: a monitor for monitoring messages from the message server and a module for capturing one or more of the messages; a decryption engine for decrypting the captured email messages into corresponding clear text email messages; a router for routing one or more of the clear text messages to the message processor for further processing.
  • the present provides a storage medium having stored therein executable commands for execution on a processor when executing the commands in a communication system for performing: capturing an encrypted message from the communication system; recovering one or more keys for users of the communication system; associating one of the keys with the user for the captured encrypted message; using the key to convert said captured encrypted message into a readable message; and forwarding the readable email message for further processing.
  • FIG. 1 shows in diagrammatic form an exemplary communication network for an enterprise operating a peer-to-peer security platform and including a content management mechanism according to an embodiment of the invention
  • FIG. 2 shows in block diagram form an arrangement for the secure content management content server according to an embodiment of the invention
  • FIG. 3 shows an initialization process for the secure content management server according to an embodiment of the present invention
  • FIG. 4 shows a startup process for the secure content management server according to an embodiment of the present invention
  • FIG. 5(a) shows in diagrammatic form an exemplary request message structure for the web service interface of Fig. 1 ;
  • FIG. 5(b) shows in diagrammatic form an exemplary response message structure for the web service interface of Fig. 1 ;
  • Fig. 6 shows in flowchart form a process for decrypting email for the secure content management service according to an embodiment of the invention;
  • FIG. 7 shows in block diagram form an arrangement for the secure content management content server according to another embodiment of the invention.
  • FIG. 8 shows in diagrammatic form implementation of a management module for the secure content management server according to an embodiment of the invention.
  • FIG. 9 shows exemplary execution threads for a process for scrutinizing messages for the secure content management server according to an embodiment of the invention.
  • Fig. 1 shows in diagrammatic form an exemplary communication system 100 for an enterprise denoted generally by reference 102.
  • the enterprise 102 comprises an information technology (IT) infrastructure which includes an enterprise email server 104 and an enterprise services or processing module 106.
  • IT information technology
  • a secure content management server 110 is deployed within the IT infrastructure of the enterprise 102.
  • the SCM 110 may be deployed at a service provider, an Internet service provider (e.g. an "instance" of a provider), or another remote location, such as an archiving facility.
  • the SCM 110 may be implemented as a stand-alone system or appliance, or the SCM 110 may be implemented as an integrated component in an appliance, (for example, a software program or suite from another manufacturer), either remotely or locally at the enterprise location.
  • the enterprise services module 106 may comprise a policy enforcement component (e.g. server) indicated by reference 112, an archiving component or server indicated by reference 114, and/or a virus and spam filter component or server 116.
  • the secure content management server 110 interfaces to a key management module or server indicated generally by reference 120.
  • the embodiments of the present invention are described in the context of a peer-to-peer (i.e.
  • end-to-end encryption system for email based on the Echoworx Secure SuiteTM, available from Echoworx Corporation, 4101 Yonge Street, Suite 708, Toronto, Ontario, CANADA M2P 1N6. It is also to be appreciated that while embodiments according to the present invention are described in the context of a secure email system with end-to-end encryption, the present invention finds application according to the present and other embodiments to different types of secured content messaging and communication systems, such as for example, Instant Messaging or IM.
  • IM Instant Messaging
  • the secure content management server (SCM) 110 comprises an administrative services interface 122, a decryption module 124 and an interface 126.
  • the secure content management server comprises an administrative services interface 122, a decryption module 124 and an interface 126.
  • the secure content management server comprises an administrative services interface 122, a decryption module 124 and an interface 126.
  • the secure content management server comprises an administrative services interface 122, a decryption module 124 and an interface 126.
  • the secure content management server 110 includes a memory or cache for storing cached user keys, indicated generally by reference 128.
  • the secure content management server 110 may also include memory storage for recovery keys, indicated generally by reference 130.
  • the secure content management server 110 may also include a management module 132 as described in more detail below.
  • the secure content management server 110 comprises a Web service and is implemented utilizing an interface based on SOAP technologies.
  • the secure content management server 110 may be implemented as a service with an API (Application Program Interface).
  • API Application Program Interface
  • the administrative services interface 122 in the SCM server 110 provides a communication interface to the key management server 120 over a secure communication link or channel indicated by reference 121.
  • the administrative services interface 122 comprises a command-line implementation, or an API implementation, and the SCM server 110 is associated with a "SCM Administration" key on the ESS server (i.e. server 120) for authentication and authorization, which are assigned to a SCM administrator indicated by reference 103.
  • the SCM server 110 utilizes an instance of the administrative services interface 122 to connect to the ESS server 120 over the secure link 121.
  • the administrator e.g.
  • the enterprise administrator 103) for the SCM server 110 is provided with an authentication key in order to use the administrative services interface 122 and have access to the ESS server 120.
  • the enterprise administrator 103 will have an identity for the administrative services interface 122 and the administrator logs onto the administrative services interface 122 with a device containing the administrator's authentication key, for example, a secure removable drive.
  • the interface 126 comprises a Web Service interface 126, which provides an interface between the SCM server 110 and the enterprise services module 106 (i.e. the policy enforcement component 112, the archiving component or module 114, and the virus and spam filter 116).
  • the SCM server 110 responds to a request (e.g. bulk or single requests) from the enterprise services module 106 to convert an encrypted email (e.g. S/MIME) into clear text email (e.g. MIME).
  • the decryption module 124 receives S/MIME messages 127 and converts (i.e. decrypts) the S/MIME messages into corresponding clear text or MIME messages which are passed back 129 to the enterprise services module 106.
  • the interface between the decryption module 124 and the enterprise services module 106 for transferring the S/MIME 127 and/or the MIME 129 messages may comprise a secure communication link or channel, for example, using SSL.
  • the decryption module 124 includes a decryption engine for decrypting the S/MIME messages, which can be implemented in a manner readily apparent to one skilled in the art.
  • the decryption engine comprises hardware accelerated encryption/decryption components, for example, "crypto card(s)".
  • the decryption module 124 utilizes encryption keys associated with users (i.e. "end-users") of the enterprise email server 104.
  • the keys comprise a public -private key pair for each user and the keys are recovered (i.e. downloaded) from the ESS server 120, for example, as part of a startup sequence for the SCM server 110 as described in more detail below.
  • the keys comprise key parts, and the key parts are downloaded and reconstituted on the SCM server 110, as described in more detail below.
  • the keys or key parts are recovered or downloaded on an as-needed basis or as part of a background process.
  • the user keys are stored or cached in the cache memory 128 for the SCM server 110 and used to decrypt email when possible.
  • the SCM server 110 includes memory 130 for storing recovery keys.
  • the recovery keys are associated with the Recovery Authority for the ESS server 120 and comprise a minimum number of keys used for key recovery.
  • the SCM server 110 also includes secure memory for storing the administrator username and key for the Administrative Services Interface 122, which are used in communications with the ESS server 120.
  • the Administrative Services Interface 122 includes a function or component (for example, running as part of the software) for deleting or otherwise eliminating sensitive information cached or stored in memory, for example, in response to a system reboot, power outage or a security breach.
  • a function or component for example, running as part of the software
  • hardware crypto cards may be utilized to securely store keys, for example, in high-security installation.
  • the SCM server 110 may include the management module 132.
  • the management module 132 interfaces to the decryption module 124 and includes a routing function.
  • the management module 132 intercepts or otherwise acquires S/MIME message(s) and uses the decryption module 124 to convert the S/MIME message into a decrypted MIME message, and then routes the MIME message to one or more third party content management devices.
  • the management module 132 includes an exception handler for providing further processing or handling of email messages. The management module 132 according to an embodiment of the invention is described in more detail below with reference to Figs. 7, 8 and 9.
  • Email messages both incoming and outgoing, (indicated generally by reference 140 in Fig. 1) arrive at the enterprise email server 104.
  • the enterprise services module 106 includes a software process or function (i.e. code components) for intercepting or otherwise capturing email traffic from the enterprise email server 104, for example, by journaling the email server 104, or by tracing the network email traffic.
  • the captured email is then passed or transferred to the service(s) provided by the enterprise services module 106, for example, the policy enforcement component 112, the archiving component 114 and/or the virus and spam filter 116.
  • the services in the enterprise services module 106 comprise content management systems, which include a capability (i.e. software process or function) for detecting an encrypted email, and once detected the software process calls or invokes the Web Services interface 126 and the full body of the encrypted (i.e. S/MIME) message 127 is transferred to the decryption module 124. An indication of whether of the email is incoming or outcoming may also be provided for decrypting the message.
  • a capability i.e. software process or function
  • S/MIME Secure Socket Layer
  • the communication 127, 129 may be deployed using a secure link or channel, for example, using a Secure Socket Layer or SSL implementation or other Web based authentication mechanisms as will be familiar to those skilled in the art.
  • the secure content management server is operable in a passive mode according to one embodiment and in an active mode according to another embodiment.
  • the passive mode of operation the secure content management server functions in response to requests from content management systems (e.g. policy enforcement, archiving, virus and spam filter) to generate a MIME version of a S/MIME email message. Without the conversion, the encrypted email message would otherwise not be processed by the content management system(s).
  • the active mode of operation comprises a management module according to an embodiment of the invention and is described in more detail below and with reference to Figs. 7 to 9.
  • the passive mode of operation is also possible by deactivating the management module.
  • Fig. 2 shows the secure content management server or SCM server 110 configured for a passive mode of operation according to an embodiment.
  • the SCM server 110 is coupled to the policy enforcement module 112, the archiving system 114 and the virus and spam filter system 116.
  • the SCM server 110 includes representations of different software processes or functions and files local to the SCM server 110, which are represented as ovals in the drawing. Any suitable programming language may be used to implement such processes and files.
  • the SCM server 110 includes a web service software module 202, a decryption engine software module 204, a recover keys software module 206, a cache keys software module 208 and a clear cache(s) software module 210.
  • the policy enforcement module 112 includes a policy manager software module 222
  • the archive server 114 includes an archive software module 224
  • the virus and spam filter 116 includes a virus and spam software module 226.
  • Each of the policy enforcement module 112, the archive server 114 and the virus and spam filter 116 include a process messages software module, indicated by reference 228, 230 and 232, respectively.
  • the policy manager 222 is operable to apply "policies" or enterprise defined rules to user email.
  • the rules for policy enforcement may be content based (e.g. blocking of messages containing sensitive or confidential enterprise information) or recipient based (e.g. email message is addressed to an unauthorized or unknown recipient).
  • the archive software module 224 is operable to archive messages for storage and subsequent retrieval.
  • the virus and spam software module 226 is operable to scan the messages for viruses (and take appropriate steps, e.g. quarantine) and block spam.
  • the messages must in a readable or readily scannable form.
  • the email messages comprise encrypted S/MIME emails, and they are converted by the SCM server 110 into clear text MIME email messages, as described in more detail below.
  • the process messages module 222, 224, 226 in each of the external systems is operable to detect an encrypted message and forward the encrypted message to the SCM server 110 and generate a conversion or decryption request.
  • the web service module 202 is operable to receive the encrypted message(s), e.g. S/MIME email, from any one of the external systems 112, 114, 116, and invoke the decryption engine 204 (e.g. in response to a conversion request).
  • the decryption engine 204 is operable to convert the S/MIME email into a clear text MIME message, which is then transferred back to the external system by the web service module 202.
  • the clear text MIME message is then available for policy enforcement, archiving and/or virus scanning and spam filtering.
  • the decryption engine 204 utilizes end-user keys accessed or retrieved from the ESS server 120.
  • the recover keys software module 206 is operable to retrieve end-user key parts from the ESS server
  • the end-user keys are stored or cached in memory in the SCM server 110 for ready access by the decryption engine 204 and increased performance.
  • the clear caches software module 210 is operable to delete or otherwise eliminate the end-user keys when they are no longer needed, for example, when the SCM server 110 is shut down.
  • the ESS server 120 includes a user keys software module 203.
  • the user keys module 203 sends back "key parts" (for example, an encrypted form of the user keys).
  • the recover keys module 206 decrypts the key parts, for example, using a mathematical algorithm utilizing M of N of the recovery keys, as described in more detail below.
  • the SCM server 110 recovers keys "on the fly” or "as needed", i.e. the recover keys module 206 requests the key parts for user(s) from the user keys module 203 on the ESS server 120 and processes them with previously obtained or cached recovery authority keys.
  • the system 100 utilizing an ESS server for the key management server 120, there are two procedures to recover or retrieve the private key(s) for a user.
  • the first procedure comprises a user entering key recovery answers to one or more previously defined questions.
  • the second procedure comprises escrowing the private key(s) for the user.
  • the key recovery e.g. the recover keys module described above with reference to Fig. 2
  • the SCM server 110 utilizes key escrowing in a key recovery procedure to recover keys for end-users, as described in more detail below.
  • An end-user uses the signing key pair to sign the his/her email.
  • the signing key pairs are not escrowed.
  • the cipher key pairs can be recovered under certain conditions from the ESS server by a number, e.g. quorum, of recovery authorities that have been previously registered in the system and are authorized to perform key recovery.
  • the created private key is processed through a mathematical algorithm (in known manner) using the public keys of the recovery authorities and then saved on the ESS server 120 for subsequent key recovery.
  • the private key for an end-user is not usable unless a minimum number of recovery authorities use their respective keys to recover the private key for a recovery recipient, e.g. the SCM server 110 or the end-user associated with the private key.
  • Key recovery typically involves two or more key authorities, a recovery recipient that receives the recovered (private) key, and a recovery manager that controls the recovery process.
  • the key recovery procedure (i.e. the recovery keys software object 206) for the SCM server 110 is implemented to provide the following functionality and features: (1) the key recovery procedure is performed once and the recovered private keys for the end-users are stored or cached in memory on the SCM server 110; (2) the credentials of the key recovery authorities are available to the SCM server 110 during boot-up; (3) the escrow process is not recorded or otherwise saved in memory; (4) email notifications are not sent to the key recovery authorities.
  • the key recovery process is performed on the SCM server 110 utilizing key parts retrieved or recovered from the ESS server 120 using the administrative services interface 122 (Fig. 1).
  • an API implementation is utilized for key recovery.
  • Fig. 3 shows an initialization procedure for the SCM server 110 (Fig. 1) according to an embodiment of the invention and indicated generally by reference 300.
  • the initialization procedure is implemented in one or more software objects or modules that run or are otherwise executed on the SCM server 110.
  • the initialization procedure 300 typically takes place after the SCM server 110 has been deployed and the enterprise configuration completed, including creation of recovery authorities.
  • Initialization starts with the SCM server 110 reading configuration parameters, such as the URL for the ESS server administration interface, and SCM administrator credentials, as indicated by 302.
  • the SCM server 110 prompts the SCM administrator to enter a password, e.g. using the command-line interface on the administration services interface 122 (Fig. 1), as indicated by 306.
  • the password may be passed as a command line argument during startup.
  • the SCM server 110 uses the provided administrator password, the configuration parameters and SCM administrator key, the SCM server 110 connects to the ESS server 120 (Fig. 1), as indicated by 308.
  • the connection to the ESS server 120 is established over a secure communication layer or channel 121 (Fig. 1).
  • the SCM server 110 sends the SCM server 110 the number of "managed recovery authorities" and the "realm public key", as indicated by 310.
  • the SCM server 110 prompts the recovery authorities to enter their user names (e.g. email addresses), key locations, and their passwords, as indicated by 312.
  • this process is managed by the SCM administrator and the recovery authorities provide their credentials (e.g. on a removable storage media) and enter their passwords when requested by the administrator, as indicated by 314.
  • the process should involve more than M recovery authorities.
  • the SCM server 110 combines them, for example, in LOGON OBJECT format, and encrypts them using the public key of the SCM administrator, as indicated by 318.
  • the SCM server 110 re-encrypts the LOGON OBJECT using a Realm public key, as indicated by 320.
  • the SCM server 110 then serializes, i.e. writes, the encrypted LOGON OBJECT file to a hard disk or to a removable drive or storage media, which is then made available for the day-to- day startup process for the SCM server 110.
  • Fig. 4 shows a startup procedure for the SCM server 110 (Fig. 1) according to an embodiment of the invention and indicated generally by reference 400.
  • the startup procedure 400 is implemented in one or more software objects or modules that run or are otherwise executed on the SCM server 110.
  • the startup procedure 400 is typically executed whenever the SCM 110 server is restarted, for example, after power failure, maintenance, etc.
  • the startup procedure 400 serves to authorize the ESS server 120 connection with the logon key/password for the administrator, and also loads the recovery authority keys to memory (for example, as indicated by 130 in Fig. 1).
  • the startup procedure 400 starts with SCM server 110 reading the configuration parameters, for example, the URL for connection, the location of the credentials for the SCM administrator, as indicated by 402.
  • the SCM server 110 then prompts the SCM administrator 103 to enter a password on the command-line interface of the SCM administration services interface 122 (Fig. 1), as indicated by 406.
  • the password may be passed as a command-line argument during startup.
  • the SCM server 110 uses the provided administrator password, the configuration parameters and SCM administrator key, the SCM server 110 connects to the ESS server 120 (as also shown in Fig. 1), as indicated by 408.
  • the SCM server 110 sends the LOGON OBJECT file to the ESS server 120, as also indicated by 408.
  • the ESS server 120 decrypts the LOGON OBJECT and sends a decrypted version back to the SCM server 110, as indicated by 410.
  • the SCM server 110 decrypts the received LOGON OBJECT again using the private key of the SCM administrator, as indicated by 402.
  • the decrypted LOGON OBJECT provides the keys for the recovery authorities in clear text.
  • the SCM server 110 loads the recovery authority keys into memory (e.g. memory module 130 in Fig. 1).
  • the SCM server 110 is now in a state ready to receive and process requests from the enterprises services module 106 (Fig. 1).
  • Figs. 5(a) and 5(b) show an exemplary request and response structure for the web service interface 126 (Fig. 1) implemented using SOAP protocol.
  • Fig. 5(a) shows an exemplary request message structure indicated generally by reference 500
  • Fig. 5(b) shows an exemplary response message structure indicated by reference 501.
  • the request 500 includes two arguments: a MessageContent field (indicated by reference 502 in Fig.
  • the MessageContent field 502 comprises a BASE64 encoded version of the S/MIME message.
  • the MessageType field 504 comprises a string declaring whether the message is incoming or outgoing.
  • the MessageType field 504 is provided for determining the correct end-user key, which is then used to decrypt the message.
  • the response 501 includes a MessageContent field, indicated by reference 503 in Fig. 5(b) and an Exception field, indicated by reference 505 in Fig. 5(b).
  • the MessageContent field 503 comprises the decoded message (e.g. MIME).
  • the response 501 returns the decrypted message (MIME) encoded with BASE64 in the MessageContent field 503. If the request has failed, then the response returns an exception condition in the Exception field 505.
  • Fig. 6 shows in flowchart form a process for handling encrypted messages according to an embodiment of the invention and indicated generally by reference 600.
  • the process is implemented in software object(s) or module(s) in the decryption module 124 (Fig. 1) of the SCM server 110.
  • the SCM server 110 and/or system 100 and/or processing steps can be varied, and need not work together exactly as described, and that such variations are within the scope of the invention.
  • the order of performance of various steps can be varied, and certain steps can be omitted and/or additional steps can be added as desired.
  • a message e.g. an email
  • a requester for example, the enterprise services module 106 (Fig. 1).
  • the decryption module 124 receives a SOAP message with a BASE64 encoded S/MIME message contents and a message type indicator that identifies the message as incoming or outgoing (for example, as described above with reference to Fig. 5).
  • the decryption module 124 executes a software object or module that converts the message to binary and sources the header information and message parts as specified by the S/MIME protocol.
  • the software object can also verify whether the message is a valid S/MIME message and determine whether the message is incoming or outgoing.
  • the decryption module 124 identifies or matches the sender address for the email to a username in the ESS server 120.
  • the decryption module 124 determines if a user key for the identified username is stored or cached in memory. If a user key is not locally available or cached, then, at step 614, the decryption module 124 executes a software object for recovering the key. For an implementation based on the ESS server 120, the recovery process involves retrieving 'key parts' for the user from the ESS server 120.
  • the decryption module 124 executes a software object which utilizes the retrieved key parts and the recovery authority keys (loaded in memory 130 during startup of the SCM server 110) to generate the private-key associated with the identified username.
  • the decryption module 124 then executes a software object to store or cache the private-key for the user in memory, as indicated at step 618.
  • the decryption module 124 executes a software object (e.g. a decryption engine) that decrypts the email using an encryption key pair comprising the private-key and a specified public key.
  • the decryption module 124 then executes a software object to return or transfer the decrypted email message to the requester via the web service interface 126 (Fig. 1), as indicated at step 622.
  • Fig. 7 shows the secure content management server or SCM server 110 (Fig. 1) configured for an active mode of operation according to another embodiment of the invention.
  • the SCM server 110 includes a management module for example as indicated by reference 132 in Fig. 1.
  • the SCM server 110 is also provided with a message, e.g. email, interception module or listener module, indicated by reference 702.
  • the SCM server 110 is configured to monitor other types of messages or communications with secured content, for example, secured instant messaging.
  • the management module 132 uses the email interception module 702 to monitor email traffic and decrypt email "on the fly" and manages the external content management systems (i.e. a message processor) in the handling or processing of the decrypted email, as will be described in more detail below.
  • the management module 132 includes a software object 710 for controlling the email interception module 702, a software object 720 for receiving captured email from the email interception module 702, a software object 730 for releasing email to the email interception module 702.
  • the management module 702 also includes a software object 740 for managing the external content management or message processing systems, for example, the policy enforcement system 112, the archiving system 114 and/or the virus scanner and spam filter system 116, as shown in Fig. 7.
  • the management module 132 instructs the email interception module 702 to "listen".
  • the email interception module 702 monitors the email traffic in the email server and captures email which is then routed to the SCM server 110. Email which is not encrypted and/or not subject to policy enforcement may be released without further processing. Otherwise, the captured email is decrypted by the SCM server 110, for example, as described above.
  • the decrypted or clear text email is then processed according to the policy enforcement rules. For example, the clear text email is scanned by the virus check system 116 and if virus clear (or sanitized), the clear text email is encrypted back to S/MIME and released by the SCM server 110. In another example, the clear text email is scrutinized for confidential information and if acceptable, the clear text email is re-encrypted by the SCM server 110 and released.
  • Fig. 8 shows in schematic form a secure content management server according to another embodiment of the invention and indicated generally by reference 800.
  • the SCM server 800 includes a decryption module 810 and a management module indicated by reference 820.
  • the management module 820 supports an extensible architecture comprising a listener 830 and a plurality of actions indicated generally by reference 840.
  • the listener 830 is implemented as an event driven object that responds to certain trigger(s) and in response activates one or more or a sequence of the Actions 840.
  • the listener 830 may comprise a timer event that "kicks-in" or triggers after a pre-determined period of time.
  • the listener 830 may also be implemented as a custom class that responds to other event(s), such as "sniffing" emails (i.e. monitoring network communications and identifying and extracting messages such as secure email messages) over the enterprise network.
  • the listener classes are implemented with the same interface and therefore the management module 820 can instantiate more than one listener dynamically during run-time.
  • the Actions 840 are also defined by an interface that is implemented by classes to achieve a desired functionality. Actions are generally triggered by the listener(s) in the order that they are configured and the outcomes of the Actions are passed on to the next action dynamically. Actions include common implementation classes, or custom implementation classes, which comprise a stub to call external adapters, for example, on the same machine or on a different physical machine.
  • the actions include an Action:Read 840a, an Action: Decrypt 840b and an Action:Write 840c.
  • the listener 830 is implemented with Implementation Class:TimerListener.
  • the Action:Read 840a is implemented with Implementation Class:ExchangeFolderReader.
  • the Action:Decrypt 840b is implemented with Implementation Class:DefaultDecrypter.
  • the Action:Read 840c is implemented with Implementation Class:ExchangeFolderWriter.
  • email messages are read from and written to an exchange folder adapter 850 as shown in Fig. 8, which acts as a repository for the email exchange server 860.
  • the management module 900 comprises two listeners: a Listener:Timer 910 and a Listener:Event Listener 920.
  • the first Listener:Timer 910 is associated with Action:Read Message 912, Action:Decrypt Message 914, Action:Trigger Listener Event 916, Action:Call Spam Adapter 918 and Action:Send Email Notification.
  • the second ListenerEvent Listener 920 is associated with Action:Call Archiving Adapter 922 and Action:Log Information to File 924.
  • the first Listener 910 and associated Actions 912 to 919 comprise a first execution thread indicated generally by reference 901.
  • the second Listener 920 and associated Actions 922 to 924 comprise a second execution thread indicated generally by reference 902.
  • the second execution thread 902 is triggered by the Action:Trigger Listener Event 916.
  • the Listene ⁇ Timer 910 is triggered by a time-out (e.g. timer interrupt) and invokes the Action:Read Message 912, which reads (i.e. retrieves) an email message, for example, via the Exchange Folder Adapter 850 (Fig. 8), and passes the email message to the Action:Decrypt Message 914.
  • the Action:Decrypt Message 914 calls the decryption module 124 (Fig. 1) to convert the S/MIME email message to a clear text MIME message, which is then passed to the Action: Trigger Listener Event 916.
  • the Action:Trigger Listener Event 916 passes the MIME message to the Action:Call Spam Adapter 918 and also triggers the second Listener :Event Listener 920, which initiates execution of the second thread 902.
  • the Action:Call Spam Adapter 918 calls the virus scanner and spam filter module 116 (Fig. 1) to scan the MIME message, and passes the result of the spam filter to the ActionrSend Email Notification 919.
  • the Action:Send Email Notification 919 sends a notification if the email message is spam.
  • the Listene ⁇ Event Listener 920 receives the clear text MIME message from the Action:Trigger Listener Event 916 and passes it to the Action:Call Archiving Adapter 922.
  • the Action:Call Archiving Adapter 922 calls the archiving system 114 (Fig. 1) and passes archive indication to the Action:Log Information to File 924 which logs the archive.
  • additional or different Listening triggers and/or actions may be configured to provide additional or other functionality for the SCM server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)
EP07845522A 2006-11-27 2007-11-16 Verfahren und system zur inhaltsverwaltung in einem sicheren kommunikationssystem Withdrawn EP2106643A4 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/604,286 US8085936B2 (en) 2006-11-27 2006-11-27 Method and system for content management in a secure communication system
PCT/CA2007/002052 WO2008064461A1 (en) 2006-11-27 2007-11-16 Method and system for content management in a secure communication system

Publications (2)

Publication Number Publication Date
EP2106643A1 true EP2106643A1 (de) 2009-10-07
EP2106643A4 EP2106643A4 (de) 2013-01-23

Family

ID=39463717

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07845522A Withdrawn EP2106643A4 (de) 2006-11-27 2007-11-16 Verfahren und system zur inhaltsverwaltung in einem sicheren kommunikationssystem

Country Status (4)

Country Link
US (1) US8085936B2 (de)
EP (1) EP2106643A4 (de)
CA (1) CA2610394C (de)
WO (1) WO2008064461A1 (de)

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2445711A (en) * 2005-11-15 2008-07-16 Credant Technologies Inc System and method for the secure, transparent and continuous synchronization of access credentials in an arbitrary third party system
JP4971497B2 (ja) * 2007-04-13 2012-07-11 ジーブイビービー ホールディングス エス.エイ.アール.エル. 通信プロトコル、および通信プロトコルを展開してネットワークをオペレートする方法
US7623356B2 (en) * 2007-04-25 2009-11-24 Hewlett-Packard Development Company, L.P. System and method to conjoin blade modules
US8990583B1 (en) 2007-09-20 2015-03-24 United Services Automobile Association (Usaa) Forensic investigation tool
US20090178131A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Globally distributed infrastructure for secure content management
KR101084528B1 (ko) 2008-04-15 2011-11-18 인비트로겐 싱가포르 피티이. 엘티디. 전기천공 장치용 파이펫 팁
US8910255B2 (en) * 2008-05-27 2014-12-09 Microsoft Corporation Authentication for distributed secure content management system
US20100037050A1 (en) * 2008-08-06 2010-02-11 Cuneyt Karul Method and apparatus for an encrypted message exchange
JP2010049559A (ja) * 2008-08-22 2010-03-04 Toshiba Corp 記憶装置及び記録再生システム
AU2010306534B2 (en) * 2009-12-07 2012-08-23 Bloomberg Finance L.P. Unified content scanning and reporting engine
US9105009B2 (en) 2011-03-21 2015-08-11 Microsoft Technology Licensing, Llc Email-based automated recovery action in a hosted environment
GB201108816D0 (en) * 2011-05-25 2011-07-06 Cassidian Ltd A secure computer network
US9100235B2 (en) 2011-11-07 2015-08-04 At&T Intellectual Property I, L.P. Secure desktop applications for an open computing platform
US9047476B2 (en) 2011-11-07 2015-06-02 At&T Intellectual Property I, L.P. Browser-based secure desktop applications for open computing platforms
US8839257B2 (en) 2011-11-22 2014-09-16 Microsoft Corporation Superseding of recovery actions based on aggregation of requests for automated sequencing and cancellation
US20130133024A1 (en) * 2011-11-22 2013-05-23 Microsoft Corporation Auto-Approval of Recovery Actions Based on an Extensible Set of Conditions and Policies
US9460303B2 (en) 2012-03-06 2016-10-04 Microsoft Technology Licensing, Llc Operating large scale systems and cloud services with zero-standing elevated permissions
US8869280B2 (en) * 2012-05-02 2014-10-21 Yahoo! Inc. Method and system for automatic detection of eavesdropping of an account based on identifiers and conditions
US8938613B2 (en) 2012-05-31 2015-01-20 Novell, Inc. Techniques for secure message offloading
US9338112B2 (en) * 2012-07-12 2016-05-10 Microsoft Technology Licensing, Llc Safety protocols for messaging service-enabled cloud services
US8881249B2 (en) 2012-12-12 2014-11-04 Microsoft Corporation Scalable and automated secret management
US9356918B2 (en) * 2013-03-13 2016-05-31 Google Inc. Identification delegation for devices
US9542563B2 (en) 2013-10-24 2017-01-10 Globalfoundries Inc. Accessing protected content for archiving
US9448827B1 (en) * 2013-12-13 2016-09-20 Amazon Technologies, Inc. Stub domain for request servicing
US10432497B2 (en) * 2014-09-19 2019-10-01 Splunk Inc. Injecting custom classes in application code to facilitate network traffic monitoring
US9762585B2 (en) 2015-03-19 2017-09-12 Microsoft Technology Licensing, Llc Tenant lockbox
US10931682B2 (en) 2015-06-30 2021-02-23 Microsoft Technology Licensing, Llc Privileged identity management
US11057210B1 (en) 2015-09-30 2021-07-06 Apple Inc. Distribution and recovery of a user secret
US10263775B2 (en) 2017-06-23 2019-04-16 Microsoft Technology Licensing, Llc Policy-based key recovery
CN107221094A (zh) * 2017-08-09 2017-09-29 电子科技大学 一种用于无人送货设备的信息加密与身份识别系统
US10608976B2 (en) * 2017-10-25 2020-03-31 Dropbox, Inc. Delayed processing for arm policy determination for content management system messaging
US11184162B1 (en) * 2018-09-28 2021-11-23 NortonLifeLock Inc. Privacy preserving secure task automation

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6192407B1 (en) * 1996-10-24 2001-02-20 Tumbleweed Communications Corp. Private, trackable URLs for directed document delivery
CA2301147C (en) * 1997-07-24 2010-07-13 Worldtalk Corporation E-mail firewall with stored key encryption/decryption
US7127515B2 (en) * 1999-01-15 2006-10-24 Drm Technologies, Llc Delivering electronic content
US6684248B1 (en) * 1999-05-03 2004-01-27 Certifiedmail.Com, Inc. Method of transferring data from a sender to a recipient during which a unique account for the recipient is automatically created if the account does not previously exist
US20020007453A1 (en) * 2000-05-23 2002-01-17 Nemovicher C. Kerry Secured electronic mail system and method
US7333616B1 (en) * 2001-11-14 2008-02-19 Omniva Corp. Approach for managing access to messages using encryption key management policies
US7146009B2 (en) * 2002-02-05 2006-12-05 Surety, Llc Secure electronic messaging system requiring key retrieval for deriving decryption keys
US7694128B2 (en) * 2002-03-08 2010-04-06 Mcafee, Inc. Systems and methods for secure communication delivery
CA2394451C (en) * 2002-07-23 2007-11-27 E-Witness Inc. System, method and computer product for delivery and receipt of s/mime-encrypted data
ATE405077T1 (de) * 2003-11-26 2008-08-15 Totemo Ag Verfahren und vorrichtung zur verschlüsselung von elektronischer post
US20050182937A1 (en) * 2004-02-12 2005-08-18 Harmeet Singh Bedi Method and system for sending secure messages over an unsecured network
US20070269041A1 (en) * 2005-12-22 2007-11-22 Rajat Bhatnagar Method and apparatus for secure messaging

Also Published As

Publication number Publication date
WO2008064461A1 (en) 2008-06-05
CA2610394A1 (en) 2008-05-27
EP2106643A4 (de) 2013-01-23
US20080123854A1 (en) 2008-05-29
US8085936B2 (en) 2011-12-27
CA2610394C (en) 2013-01-08

Similar Documents

Publication Publication Date Title
CA2610394C (en) Method and system for content management in a secure communication system
CN1174302C (zh) 用于软件代理和代理活动的验证的系统和方法
JP6118778B2 (ja) 移動中のデータをセキュア化するためのシステムおよび方法
US6442686B1 (en) System and methodology for messaging server-based management and enforcement of crypto policies
US8295492B2 (en) Automated key management system
US20210119781A1 (en) Systems and methods for re-using cold storage keys
US20080098237A1 (en) Secure e-mail services system and methods implementing inversion of security control
US7281269B1 (en) Methods, data structures, and systems to remotely validate a message
EP3248360A1 (de) Systeme und verfahren für sichere kommunikation mit sicherem weg
US20090122988A1 (en) Method and apparatus for securely registering hardware and/or software components in a computer system
EP1935132B1 (de) Verarbeitung von belasteten elektronischen kommunikationen
Brown et al. A proxy approach to e‐mail security
Albrecht et al. Share with care: Breaking E2EE in Nextcloud
US8826000B2 (en) Method and apparatus for supporting cryptographic-related activities in a public key infrastructure
KR100390086B1 (ko) 통합 내부정보 유출 방지 시스템
WO2011030352A2 (en) System and method for mobile phone resident digital signing and encryption/decryption of sms
CN118740420A (zh) 一种物联网服务器的安全防护系统及方法
CN119003476A (zh) 日志文件的存储方法及装置、存储介质及电子设备
CN119652499B (zh) 量子加密方法、量子加密服务器和量子加密系统
US20240283635A1 (en) Communication system, user terminal, communication method, and communication program
Feiertag et al. A framework for building composable replaceable security services
Gennai et al. Digital Signature in Automatic Email Processing: A Customer Case Study
CN117478744A (zh) 进程通信方法、装置、计算机、存储介质及程序产品
Zhang Flexible Certificate Management for Secure HTTPS Client/Server Communication
HK40052363B (zh) 数据处理方法、装置、电子设备及介质

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090626

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20121221

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/08 20060101AFI20121217BHEP

17Q First examination report despatched

Effective date: 20140520

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20140602